QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-2681

Back to search

CVE-2014-2681

Published: Nov 16, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

VendorProductVersions

n/a

n/a

affected
n/a

References

MDVSA-2014:072
vendor-advisory
x_refsource_MANDRIVA
66358
vdb-entry
x_refsource_BID
DSA-3265
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now